Microsoft Issues Its Own User-Data Transparency Report

Not to be outdone by Google, Microsoft has released a “2012 Law Enforcement Requests Report” that mirrors the search-engine giant’s regular disclosures of law-enforcement requests for user information. Microsoft’s report tallies up requests from countries around the globe.

The data contained in Microsoft’s report includes all law enforcement requests and court orders related to the company’s online and cloud services, such as SkyDrive, Xbox Live, Office 365 and Messenger. Microsoft has also broken out information for its Skype subsidiary as a separate dataset, because the latter falls under Luxembourg and EU legal jurisdiction; despite Microsoft’s acquisition of the company in 2011, law-enforcement requests for Skype data are still processed via Luxembourg.

“As noted in the data table (available in the PDF below) in 2012, Microsoft and Skype received a total of 75,378 law enforcement requests,” read Microsoft’s introduction to the report. “Those requests potentially impacted 137,424 accounts. While it is not possible to directly compare the number of requests to the number of users affected, it is likely that less than 0.02% of active users were affected.”

The United States accounted for 11,073 requests in 2012, focusing on 24,565 user accounts. Some 1,544 requests, or 13.9 percent, resulted in some “disclosure of content.” That’s far higher than many other countries on the list, which received exactly 0.0 disclosures in exchange for their requests.

In 2012, Microsoft also received 11 requests for email accounts it hosts for entities such as universities. “We only complied with four of those requests, either pursuant to contractual provisions or at the direct request of our customer,” the company added. “In the remaining seven instances, we either redirected law enforcement to the entity or rejected the request because we determined it to be invalid.”

Like Google, Microsoft also revealed some data bout the National Security Letters (NSLs) it receives, but chose to present that information as a range rather than specific numbers. Intended solely for national security matters—which means they can’t be issued in the course of criminal or civil probes—NSLs allow the FBI to obtain the name, address, length of service, and billing records of communications-service subscribers. Under current law, the FBI reports on its use of NSLs to Congress on an annual basis.

As with Google’s NSL disclosure, the ranges presented by Microsoft are extremely broad:

Whatever the law-enforcement request, Microsoft requires a valid subpoena or “equivalent document” before it considers releasing non-content data; for “producing content,” the company needs a court order or warrant. Microsoft follows the Electronic Communications Privacy Act for data hosted in the U.S.; Skype, as previously mentioned, operates under Luxembourg law.

YOUR CAREER. YOUR PATH.

Author Bio

Nick Kolakowski has written for The Washington Post, Slashdot, eWeek, McSweeney's, Thrillist, WebMD, Trader Monthly, and other venues. He's also the author of "A Brutal Bunch of Heartbroken Saps" and "Slaughterhouse Blues," a pair of noir thrillers.